---
title: "Setting up OIDC with okta"
---

<Steps>
    <Step title="Create an application with your OIDC provider">
        For example, in Okta, once you create an account, you can click on Applications on the sidebar menu:
        <img src="/images/i1600x900-oVjaQ0tU3AnO_wrzp85.png" />
    </Step>
    <Step title="Click on Create App Integration">
        <img src="/images/i1600x900-wrIlZkLdZ6kL_wf7mxn.png" />
    </Step>
    <Step title="Select OIDC in the modal form, along with Web App, and click Next">
        <img src="/images/i1600x900-IfRWYg8XuCMI_tkwyft.png" />
    </Step>
    <Step title="Enter the Sign in redirect URL and sign out URL">
        Enter the Sign in redirect URL (or auth URL) as:
        ```
        https://app.cal.com/api/auth/oidc
        ```
        And the sign out URL as:
        ```
        https://app.cal.com/auth/login
        ```
        <img src="/images/i1600x900-TqgDJpBoiR-C_onrwit.png" />
    </Step>
    <Step title="Gather Client Secret, Client ID, and Well Known URL">
        Now you should have the Client Secret and Client ID with you. You would also need the Well Known URL which for Okta is generally of the type:
        ```
        https://{yourOktaDomain}/.well-known/openid-configuration
        ```
        So, if your Okta domain is `dev-123456.okta.com`, your well known URL would be:
        ```
        https://dev-123456.okta.com/.well-known/openid-configuration
        ```
    </Step>
    <Step title="Log in">
        Log in with the Organization Admin user.
    </Step>
    <Step title="Go to Organization SSO Settings">
        Visit `https://app.cal.com/settings/organizations/sso` and you should see something like this:
        <img src="/images/i1600x900-8ufcUyCOVwV6_hdudno.png" />
    </Step>
    <Step title="Configure SSO with OIDC">
        Click on Configure SSO with OIDC, and then enter the Client Secret, Client ID, and Well Known URL from Step 5, and click save.
        <img src="/images/i1600x900-GN1NLgrcf5r4_tmhni3.png" />
    </Step>
</Steps>

        That's it. Now when you try to login with SSO, your application on Okta will handle the authentication.
